P
US9716725B2ActiveUtilityPatentIndex 31

Executing a remote control command to activate one or more peripheral of a mobile device in a peripheral control domain

Assignee: GREEN HILLS SOFTWARE INCPriority: Jun 16, 2014Filed: Jun 16, 2014Granted: Jul 25, 2017
Est. expiryJun 16, 2034(~7.9 yrs left)· nominal 20-yr term from priority
Inventors:O'DOWD DANIELKLEIDERMACHER DAVIDCANTRELL THOMASKOU DENNISHETTENA DANIEL
G06F 9/45558G06F 2009/45587G06F 13/10G06F 21/53H04L 63/1466H04L 63/10
31
PatentIndex Score
0
Cited by
16
References
23
Claims

Abstract

In certain embodiments, virtualization mechanisms used to defend against spying can also be used by attackers as a means to execute spying attacks more effectively. In certain embodiments, attack methods may use the virtualization mechanisms to surreptitiously activate input peripherals without the user's knowledge or authorization. In certain embodiments, a virtualized network interface may be employed in which all network traffic transiting a portable wireless system is routed through a remote control component within a peripheral control domain. The remote control component may be used by an attacker to communicate remotely with the portable device to send it peripheral activation commands. The remote control component can then activate peripherals via the peripheral access module without the user's or general-purpose operating system's knowledge or authorization. All other network traffic may be passed through as normal and expected to the general-purpose operating system.

Claims

exact text as granted — not AI-modified
We claim: 
     
       1. A method of gaining remote access to one or more of a mobile device's peripherals, comprising:
 receiving data at the mobile device;
 wherein the mobile device comprising: 
 at least one portable operating system domain; 
 a peripheral control domain comprising: a peripheral access policy module, a remote control component, and a physical peripheral access module; 
 a machine virtualization module that isolates the at least one portable operating system domain from the peripheral control domain; and 
 an I/O virtualization mechanism interposed between the at least one portable operating system domain and the peripheral control domain; 
 
 determining by the remote control component of the peripheral control domain whether the data received comprises a remote control command to activate the one or more of the mobile device's peripherals; and 
 performing a selected one of: 
 executing the remote control command via the physical peripheral access module without forwarding the remote control command to the operating system domain if the data comprises the remote control command to activate the one or more of the mobile device's peripherals; or 
 passing the data to the at least one portable operating system domain via the I/O virtualization mechanism if the data does not comprise the remote control command. 
 
     
     
       2. The method of  claim 1 , wherein the peripheral control domain comprises:
 a physical peripheral control module; and 
 a policy component for deciding how to handle input peripheral requests originating from the at least one portable operating system. 
 
     
     
       3. The method of  claim 1 , wherein the machine virtualization module comprises a Type-1 hypervisor. 
     
     
       4. The method of  claim 1 , wherein the machine virtualization module comprises a Type-2 hypervisor. 
     
     
       5. The method of  claim 1 , wherein the machine virtualization module utilizes ARM TrustZone. 
     
     
       6. The method of  claim 1 , wherein the machine virtualization module comprises one of a microkernel and a separation kernel. 
     
     
       7. The method of  claim 2 , wherein the machine virtualization module comprises a Type-1 hypervisor. 
     
     
       8. The method of  claim 2 , wherein the machine virtualization module comprises a Type-2 hypervisor. 
     
     
       9. The method of  claim 2 , wherein the machine virtualization module utilizes ARM TrustZone. 
     
     
       10. The method of  claim 2 , wherein the machine virtualization module comprises one of a microkernel and a separation kernel. 
     
     
       11. The method of  claim 1 , further comprising:
 providing one or more alternative virtualized controls that mimic one or more operating system peripheral controls for interfacing to the at least one portable operating system. 
 
     
     
       12. The method of  claim 1 , further comprising:
 transferring at least one control request and at least one response via a logical communications interface between the at least one portable operating system domain and the peripheral control domain. 
 
     
     
       13. The method of  claim 1 , further comprising:
 detecting an attempt to access at least one or more of a mobile device's peripherals; and 
 transferring control of the at least one or more of a mobile device's peripherals to said peripheral control domain. 
 
     
     
       14. A method of gaining remote access to one or more of a mobile device peripherals, comprising:
 installing a peripheral control domain comprising: a peripheral access policy module, a remote control component, and a physical peripheral access module on a mobile device having at least one operating system domain; 
 installing a machine virtualization module on the mobile device that isolates the operating system domain from the peripheral control domain; and 
 installing an I/O virtualization mechanism on the mobile device, wherein the I/O virtualization mechanism is interposed between the operating system domain and the peripheral control domain; 
 receiving data at the mobile device; 
 determining by the remote control component of the peripheral control domain whether the data received comprises a remote control command to activate the one or more of the mobile device peripherals; and 
 performing a selected one of:
 executing the remote control command via the physical peripheral access module without forwarding the remote control command to the operating system domain if the data comprises a remote control command to activate the one or more of the mobile device peripherals; or 
 passing the data to the at least one portable operating system domain via the I/O virtualization mechanism if the data does not comprise the remote control command. 
 
 
     
     
       15. The method of  claim 14 , wherein the peripheral control domain comprises:
 a physical peripheral control module; and 
 a policy module for deciding how to handle input peripheral requests originating from the operating system. 
 
     
     
       16. The method of  claim 14 , wherein the machine virtualization module comprises a Type-1 hypervisor. 
     
     
       17. The method of  claim 14 , wherein the machine virtualization module comprises a Type-2 hypervisor. 
     
     
       18. The method of  claim 14 , wherein the machine virtualization module utilizes ARM TrustZone. 
     
     
       19. The method of  claim 14 , wherein the machine virtualization module comprises one of a microkernel and a separation kernel. 
     
     
       20. The method of  claim 14 , wherein the machine virtualization module comprises a Type-1 hypervisor. 
     
     
       21. The method of  claim 15 , wherein the machine virtualization module comprises a Type-2 hypervisor. 
     
     
       22. The method of  claim 15 , wherein the machine virtualization module utilizes ARM TrustZone. 
     
     
       23. The method of  claim 15 , wherein the machine virtualization module comprises one of a microkernel and a separation kernel.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.